US English (US)
CA French (Canada)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below using as much detail as possible so that our team can best assist you.

  • Home
  • Contact Us
  • Employee Log In
  • Getting Started
  • Using Your SpectrumVoIP Services
  • Working Remotely
  • Frequently Asked Questions
  • Troubleshooting
  • Training Resources
English (US)
US English (US)
CA French (Canada)
  • Home
  • Getting Started
  • Preparing to Use VoIP Services

Recommended Router and Firewall Settings

Explore the settings and parameters to configure to ensure your router and firewall devices are ready for VoIP services.

Written by Adrian Angwenyi

Updated at October 1st, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request. We’ll reach back to you via email as soon as possible.

Please fill out the contact form below using as much detail as possible so that our team can best assist you.

After clicking 'Submit Ticket' you wil receive an email confirmation that your ticket has reached a member of our support team. They will reply back to continue to supporting, or you can call in referencing the ticket number on the email. (469) 429-2500

  • Getting Started
    Policies Preparing to Use VoIP Services Billing Basics Register an SMS Campaign Connect Your Device Using Your Phones Web Portals
  • Using Your SpectrumVoIP Services
    Customer Announcements Basic Phone Use The Stratus Platform The Enswitch Platforms SMS Messaging Use Your Fax Service Manage Your Network Equipment
  • Working Remotely
    Relocate Your Phone Use Your Phone Remotely Stratus Working Remotely Enswitch Working Remotely
  • Frequently Asked Questions
    Getting Help Common Equipment and Feature Questions SMS Campaign Registry Billing and Accounting Questions LNP / Porting Telephone Numbers
  • Troubleshooting
    Common VoIP Issues and Solutions Fax Problems Phone Problems Share Your Screen
  • Training Resources
    Web Portal User Guides Phone Video Tutorials Phone Guides Fax Guides Stratus Mobile App Guides ES Mobile App Guides StratusHUB Guides ES Desktop App Guides
+ More

Table of Contents

General Configuration Settings to Disable Settings to Enable Subnet and Port Configuration SpectrumVoIP Public Subnets Ports - Stratus Platform Ports - Enswitch 1 and 2 Platforms Push Notifications Ports Bandwidth Requirements Assign a Voice VLAN to Phones Manual/Static Port Configuration Automatic Discovery via LLDP/CDP What is LLDP-MED? Option 132 for Yealink Phones StratusFAX 2.0 Faxing Option 66: Phone Provisioning via DHCP

General Configuration

WARNING: It is recommended to consult your IT, MSP (Managed Service Provider), or another network professional when configuring advanced network settings or devices.

While resolving any network issues, we also recommend configuring and testing Bandwidth Management/Traffic Shaping policies that prioritize VoIP traffic on your router/firewall.

 

 

Settings to Disable

  • SIP ALG (Application Layer Gateway) functions such as SIP Transformations, SIP Application Helpers, SIP Normalization, etc..
  • SPI (Stateful Packet Inspection) or DPI (Deep Packet Inspection) for the IP addresses of phones and voice VLANs. 

    NOTE: You can leave SPI and DPI enabled for all other devices. You would only need to disable SPI or DPI for the IP addresses of phones or a voice VLAN you have assigned your phones to. 

     
  • AV Client Enforcement on any IP address assigned to a phone
  • Content Filtering on any IP address assigned to a phone

 

Settings to Enable

  • Bandwidth Management/Traffic Shaping (See below for a list of our network blocks and bandwidth requirements)
  • Default UDP session timeout set to 300 seconds
  • Consistent NAT (Sonicwall)
  • Load balancing policy configured for ingress and egress of phones only utilizing the same WAN interface. (If applicable)

    DANGER: We do NOT support the use of load-balancing for traffic entering and exiting multiple WAN interfaces.

    For SD-WAN or Multi-WAN setups, please ensure that all traffic is being sent out through a single WAN interface, otherwise provisioning and directories may not work as intended. 

     
  • Inbound and outbound traffic on ports and subnets listed below
  • DNS resolution for the phones

 


Subnet and Port Configuration

Read the sections below to allow traffic from the services in use by your company. If you not using a specific service, such as Stratus users that do not use our Enswitch platform and vice versa, you can avoid opening the ports used by that service.

Note: If you are not sure which services you are using and which ports and subnets should be opened, contact your Installer or our Technical Support team for more information.

 

 

SpectrumVoIP Public Subnets

  • 199.71.209.0/24
  • 24.227.249.0/25
  • 72.249.136.32/28
  • 206.123.122.32/27
  • 212.69.157.32/27
  • 40.143.31.64/27
  • 45.41.5.0/24
  • 12.150.91.0/24

 

Ports - Stratus Platform

IMPORTANT: These ports only need to be opened if you are utilizing our Stratus platform. If you are using our Enswitch (ES) platforms, these ports do not need to be opened. 

If your company does not use StratusMEETING or StratusWEB PHONE, the ports/subnets for those services do not need to be allowed or opened.

If you are not sure which services you are utilizing, contact your Installer or our Technical Support team for more information.

 

Main Utilized Ports

  • 5060-5062 UDP - SIP
  • 20,000-40,000 UDP - RTP
  • 80, 443 TCP - HTTP/HTTPS

Portal Dynamic Updates

  • 8001 - TCP

Text-to-Speech Services - TCP and UDP

  • 35.175.185.150:3001
  • 35.175.185.150:8000
  • 44.212.88.215:8000
  • 54.149.243.27:3001
  • 54.149.243.27:8000
  • 54.70.235.134:3001
  • 54.70.235.134:8000

StratusFAX 2.0 - TCP

  • 5066 TCP - HTTPS and HTTP

REMINDER: If your company does not pay for and use StratusFAX 2.0, the port for this service does not need to be opened.

 

StratusMEETING - TCP and UDP

REMINDER: If your company does not use StratusMEETING, the subnets for this service do not need to be allowed.

 
  • 54.188.133.147:3443
  • 3.130.158.184:3443
  • 35.183.150.146:3443

StratusWEB PHONE

REMINDER: If your company does not use StratusWEB PHONE, the port for this service does not need to be opened.

 
  • 9002 - TCP - websockets

 

Ports - Enswitch 1 and 2 Platforms

IMPORTANT: These ports only need to be opened if you are utilizing one of our Enswitch (ES1 or ES2) platforms. If you are using our Stratus platform, these ports do not need to be opened. 

If you are not sure which service you are utilizing, contact your Installer or our Technical Support team for more information.

 
  • 5060-5062 UDP - SIP
  • 10,000-20,000 UDP - RTP
  • 80, 443 TCP - HTTP/HTTPS

 

Push Notifications Ports

IMPORTANT: If your users are using our softphone mobile apps on cellular devices or tablets connected to the office's Wi-Fi network, it is recommended to open these ports on the firewall equipment so that push notifications for the apps are not blocked. 

 

Android and Google Devices - Google's Firebase Cloud Messaging, aka FCM

  • 443, 5228, 5229, 5230 - TCP

More Info: Ports 5228, 5229, and 5230 are the primary ports used by Google's Firebase Cloud Messaging (FCM) service for mobile devices to receive push notifications. 

 

Apple Devices - Apple Push Notification Service, aka APNs

  • 5223, 443, 2197 - TCP

More Info: Port 5223 is the primary port for communication used by Apple's Push Notification Service (APNs). 

Ports 443 and 2197 are used for sending notifications from Mobile Device Management (MDM) software to APNs and as a fallback on Wi-Fi if port 5223 cannot be utilized.

 

 


Bandwidth Requirements

Voice-only applications utilize G.711 U-Law as the primary codec and require 87.2 Kbps of bandwidth per active call. We've found a good rule of thumb is to round the requirement up to 100Kbps to account for signaling and overhead. 

For example… A 10Mbps/1Mbps ISP connection that is solely dedicated to the phones would support 10 concurrent phone calls.

 

 


Assign a Voice VLAN to Phones

Creating a dedicated VLAN for your different groups of IP devices, such as your desk phones, is a great way to simplify managing your network and troubleshooting future issues with those devices. It is generally recommended to use VLANs to isolate IP devices to reduce the risk of unauthorized access to these devices and limit the spread of potential threats within your network. Segmenting a network using VLANs can also help reduce congestion and improve a network's overall performance, which can be a great boon for networks with many VoIP devices. 

Many models of gateways and network switches allow you to automatically place VOIP devices on a dedicated VLAN. There are several ways to accomplish this:

Note: Setting up voice VLANs on your network equipment will vary by manufacturer. It is recommended to reference resources provided by your equipment's manufacturer to see what features are available. 

If you have any questions, you can contact your Installer or our Technical Support team for more information.

 

 

Manual/Static Port Configuration

This is the most basic method, requiring explicit, per-port configuration by a network administrator. It is typically used when automated discovery is not available or desired. The switch port must be configured as an access port with a specific voice VLAN setting. The switch is explicitly told to use a specific Data VLAN for untagged traffic (for the connected PC) and a specific Voice VLAN for tagged (802.1Q) traffic. Any traffic arriving on that port that is untagged is placed into the Data VLAN, and any traffic tagged with the Voice VLAN ID is placed into the Voice VLAN. The IP phone must be manually configured (or use a secondary method like DHCP) to tag its voice traffic correctly. 

Note: If you choose this method, please provide your installer with the VLAN ID you wish to use so they can add that parameter to your devices' network settings.

 

 

Automatic Discovery via LLDP/CDP 

If your network switches support Link Layer Discovery Protocol (LLDP), LLDP Media Endpoint Discovery (LLDP-MED), and/or Cisco Discovery Protocol (CDP), Grandstream, Yealink, and Polycom desk phones are compatible with these protocols and can utilize them to be discovered by neighbor devices and switches. 

If your network switch does offer LLDP, LLDP-MED, or CDP, it is recommended to ensure these protocols are enabled and configured to point to your desired VLAN. Doing so will allow the switches to discover compatible IP phones and set the devices in a VLAN dynamically depending on the device's configuration information. 

What is LLDP-MED?

LLDP-MED is an extension of LLDP that operates between IP phones and network devices, such as switches for voice over IP (VoIP) applications. It does this by sending TLVs.

TLVs (Type-Length-Value) are attributes that describe type, length, and value. Devices that support LLDP can use TLVs to receive and send information with neighboring devices. The information shared using this protocol can be configuration information, device capabilities, and device identity. 

Switches that have LLDP-MED enabled can use specialized TLVs that describe discovery capabilities, supported network policies, Power over Ethernet (PoE) capability, and inventory management. This can make connecting and managing IP devices, such as our desk phones, more streamlined. 

 
 

 

Option 132 for Yealink Phones

Option 132 in DHCP is a feature that enables automatic VLAN assignment. When a device connects to the network, it sends a DHCP request containing its MAC address. The DHCP server that has Option 132 configured identifies the device and assigns a suitable VLAN. 

NOTE: This only works for Yealink brand phones and needs to be made as a custom option on a DHCP Server.

 

To create a DHCP VLAN option on your DHCP server to allow Yealink phones to automatically connect and provision when plugged in, the following can be configured:

  • Option 132: Set Voice VLAN ID
  • Type: String (ASCII)
  • Value : 'VLANTAG' for example '20' for VLAN 20

This DHCP option should be applied to your native DHCP server so that the phones receive the configuration when first plugged in. This may also be applied to the voice VLAN if needed.

 


StratusFAX 2.0 Faxing

If you are utilizing content filtering on a firewall and are experiencing issues faxing with StratusFAX 2.0 using a fax machine connected to an ATA, it may be necessary to adjust the firewall to allow traffic from the ATA.

Similar to desk phones that use VoIP, it is recommended to assign your ATA to a voice VLAN to ensure its traffic is prioritized and exempted from SPI/DPI. 

You can also add a NAT rule that allows traffic from your ATA for StratusFAX 2.0 faxing. This rule would need the following:

  • Destination (FQDN object): audiocodesconnector.securefaxportal.com
  • Services: HTTPS (TCP/443)

    Note: You can add HTTP (TCP/80) if you do need to use it.

     
  • Action: Allow
  • Security/Inspection on this rule: Disabled/Bypassed
  • SSL/TLS Decryption: No-decrypt / disabled
  • URL/Content Filter: Bypass/allow
  • IPS/AV: Disabled (for this rule only)  

 


Option 66: Phone Provisioning via DHCP

If you manage your own DHCP server, you can set it to utilize Option 66, aka a TFTP Server, to make it simpler to install and provision your desk phones. 

Note: The name for this setting may vary by manufacturer. Some manufacturers may show this as “Option 66” or “TFTP Server”. 

 

When Option 66 is configured, phones that boot up and connect to the DHCP server will be provided a Provisioning URL. When the phones use the Provisioning URL to connect to our TFTP server, they can request and apply a config file to make setting up and updating themselves more streamlined.

Note: If you are interested in setting up Option 66 for your DHCP server, contact your Installer or our Technical Support team for further assistance.

 
router settings consistent nat sip alg settings configure firewall settings

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • I Hear Static, Humming, or Some Other Persistent Noise
  • Use Your Desk Phone at Home
  • Set Up a Yealink Phone for the First Time
  • Customer Stories
  • Hardware
  • Channel Partners
  • Pricing
  • Blog
  • Contact Us

Main Products

  • Business Phone Software
  • VoIP Features
  • VoIP Integrations
  • Stratus Managed Network
  • AI Business Surveillance
  • Internet

More Products

  • Stratus Web Portal
  • Stratus Fax
  • Emergency Lines
  • Business Texting
  • Business Cellular
  • Business Phone Hardware

Resources

  • About Us
  • FAQ
  • Careers
  • Support
  • Training
  • SpectrumVoIP Store

Connect

  • Facebook Fill 1 Created with Sketch.
  • Twitter Fill 1 Created with Sketch.
  • LinkedIn Group 2 Created with Sketch.
  • YouTube
  • Instagram
  • Pinterest

SpectrumVoIP Status

© SpectrumVoIP™ 2022. All Rights Reserved


Knowledge Base Software powered by Helpjuice

Main — (972) 312-0388 Sales — 866-506-3457 Support — (469) 429-2500 Terms of Service Privacy Policy
Expand